Telecommunications & Network Security
Originally (1/01) by: Usha Viswanathan
Modified (1/03, 5/06) by: John R. Durrett
Presentation Overview
• C.I.A. as it applies to Network Security
• Protocols & Layered Network Architectures
• OSI and TCP/IP
• TCP/IP protocol architecture
• IP addressing & Routing
• TCP
• Applications
• IPv6
C.I.A.
• Confidentiality: the opposite of disclosure
  • Elements used to ensure it: security protocols, authentication services, encryption services
• Integrity: the opposite of alteration
  • Elements used to ensure it: firewalls, communications security management, intrusion detection services
• Availability: the opposite of destruction / denial
  • Fault tolerance, acceptable system performance, reliable administration and network security
Protocols & the Layered Network: Intro
• Protocol:
  • A standard set of rules that determine how computers talk
  • Describes the format a message must take
  • Enables multi-platform computers to communicate
• The Layered Architecture Concept
  • Data passes down through the layers to get “out”, and up to get “in”
  • Reasons for use: to clarify functionality, to break down complexity, to enable interoperability, easier troubleshooting
ISO’s Open Systems Interconnect (OSI) Reference Model
• Protocol Layering
  • Series of small modules
  • Well defined interfaces, hidden inner processes
  • Process modules can be replaced
  • Lower layers provide services to higher layers
• Protocol Stack: modules taken together
• Each layer communicates with its pair on the other machine
The OSI Model (diagram): the sender’s and receiver’s seven-layer stacks (Application, Presentation, Session, Transport, Network, Datalink, Physical) and the path messages take across the network.
OSI Layers
• Application: communication partners, QoS identified
• Presentation: semantics, encryption, compression (gateways)
• Session: establishes, manages, terminates sessions
• Transport: sequencing, flow/error control, name/address resolution
• Network: routing, network addresses (routers)
• Datalink: MAC address, low level error control (bridges)
• Physical: encoding/decoding digital bits, interface card
TCP/IP (diagram): Alice and Bob each run Application, Transport and Network layers; the router between them operates only at the Network layer.
TCP/IP: The Protocols and the OSI Model (diagram)
• Application, Presentation, Session: TELNET, FTP, SMTP, DNS, SNMP, DHCP, RIP, RTP, RTCP
• Transport: Transmission Control Protocol, User Datagram Protocol
• Network: OSPF, ICMP, IGMP, Internet Protocol, ARP
• Datalink, Physical: Ethernet, Token Bus, Token Ring, FDDI
Data Encapsulation by Layer (diagram): application Data is wrapped in a TCP header to form the TCP datagram, then in a Network packet, then in a Data Link frame; the destination opens the envelopes layer-by-layer.
Transmission Control Protocol (TCP)
• Traditional TCP/IP Security: None
  • No authenticity, confidentiality, or integrity
  • Implemented & expanding: IPSec
• Workhorse of the internet
  • FTP, telnet, ssh, email, http, etc.
• The protocol responsible for the reliable transmission and reception of data.
  • Unreliable service is provided by UDP.
• Transport layer protocol.
• Can run multiple applications using the same transport.
  • Multiplex through port numbers
TCP Fields (header diagram): Source port, Destination port, Sequence number, Acknowledgment number, Data offset, Reserved, flags (URG, ACK, PSH, RST, SYN, FIN), Window, Checksum, Urgent pointer, Options, Padding, data
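Added example (not part of the original slides): a parser for the fixed TCP header laid out above, decoding the fields and the six flag bits from raw bytes. The two sample segments are constructed inline; port numbers and sequence numbers are made up.

```python
import struct

# Flag bits in the TCP header, lowest bit first: FIN, SYN, RST, PSH, ACK, URG
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header plus any options of a segment.

    Returns the ports, sequence and acknowledgment numbers, the data offset
    in bytes, the set of flag names, window, checksum, urgent pointer, the
    raw options bytes, and the payload that follows the header.
    """
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_res_flags, window,
     checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_res_flags >> 12) * 4      # header length in 32-bit words
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    flag_bits = off_res_flags & 0x3F             # the six flags on the slide
    flags = {name for i, name in enumerate(TCP_FLAGS) if flag_bits & (1 << i)}
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "data_offset": data_offset,
        "flags": flags, "window": window,
        "checksum": checksum, "urgent_pointer": urg_ptr,
        "options": segment[20:data_offset],
        "payload": segment[data_offset:],
    }

# Constructed SYN: port 40000 -> 80, ISN 1000, 20-byte header, window 65535
SAMPLE_SYN = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0,
                         (5 << 12) | 0x02, 65535, 0, 0)
# Constructed SYN-ACK reply with a 4-byte MSS option (data offset 6 words)
SAMPLE_SYNACK = struct.pack("!HHIIHHHH", 80, 40000, 5000, 1001,
                            (6 << 12) | 0x12, 65535, 0, 0) + b"\x02\x04\x05\xb4"

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
    print(parse_tcp_header(SAMPLE_SYNACK))
```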
TCP Connection Establishment
• Alice to Bob: SYN with Initial Sequence Number-a
• Bob to Alice: ACK ISN-a with ISN-b
• Alice to Bob: ACK ISN-b
• Connection Established
User Datagram Protocol (UDP)
UDP header (diagram): Source Port, Destination Port, Message Length, Checksum, Data …
• Connectionless
• Does not retransmit lost packets
• Does not order packets
• Inherently unreliable
• Mainly tasks where speed is essential
  • Streaming audio and video
  • DNS
Ports
“Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".”
• Source port
• Destination port
• Logical connection
• Privileged – unprivileged ports
Network Address Translation (NAT)
• Illegal Addresses
  • Unroutable addresses: 10.0.0.0, 192.168.0.0
• Limited address space in IP V4
• NAT maps bad to valid addresses
  • Mapping to single external address
  • One-to-One mapping
  • Dynamically allocated addresses
(Diagram: a router with the internal address 10.0.0.5 on one side and the external address 12.13.4.5 on the other.)
Logical Structure of the Internet Protocol Suite (diagram)
• Applications: SNMP, FTP, TFTP, TELNET, DNS, HTTP
• Transport: User Datagram Protocol (connectionless), Transmission Control Protocol (connection oriented)
• Internet: IP (ICMP, IGMP), Internet Addressing, ARP, RARP
• Physical Layer
Address Resolution Protocol (ARP)
• Maps IP addresses to MAC addresses
• When host initializes on local network:
  • ARP broadcast: IP and MAC address
  • If duplicate IP address, TCP/IP fails to initialize
Address Resolution Process on Local Network
• Is IP address on local network?
• ARP cache
• ARP request
• ARP reply
• ARP cache update on both machines
ARP Operation (diagram): the requester broadcasts an ARP Request, “Give me the MAC address of station 129.1.1.4”; station B (129.1.1.1) and the others ignore it (“Not me”, request ignored); station C (129.1.1.4) accepts it (“That’s me”) and sends the ARP Response, “Here is my MAC address”.
Address Resolution on Remote Network
• IP address determined to be remote
• ARP resolves the address of each router on the way
• Router uses ARP to forward packet
(Diagram: a router connecting Network A and Network B.)
Reverse Address Resolution Protocol (RARP)
(Diagram: a diskless workstation broadcasts a RARP Request, “Give me my IP address”; stations B and C ignore it (“Not me”, request ignored); the RARP Server accepts it and sends the RARP Response, 129.1.1.1.)
• Same packet type used as ARP
• Only works on local subnets
• Used for diskless workstations
The Internet Protocol (IP)
• IP’s main function is to provide for the interconnection of subnetworks to form an internet in order to pass data.
• The functions provided by IP are:
  • Addressing
  • Routing
  • Fragmentation of datagrams
Host Name Resolution
Standard Resolution
• Checks local name
• Local HOSTS file
• DNS server
Windows NT Specific Resolution
• NetBIOS cache
• WINS server
• b-node broadcasts
• LMHOSTS file (NetBIOS name)
Routing Packets
• Process of moving a packet from one network to another toward its destination
• RIP, OSPF, BGP
• Dynamic routing
• Static routing
• Source routing
Static Routing Tables
• Every host maintains a routing table
• Use the “route” command in Linux and Windows
• Each row (or “entry”) in the routing table has the following columns:
  • (1) destination address and (2) mask
  • (3) gateway [i.e., the IP address of the host’s gateway/router]
  • (4) interface [i.e., the IP address of a host interface]
  • (5) metric [indicates the “cost” of the route, smaller is better]
• When the host wants to send a packet to a destination, it looks in the routing table to find out how
• Each OS handles routing somewhat differently
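Added example (not from the slides): a routing table with the five columns above, and the lookup a host performs, picking the most specific matching entry and breaking ties by metric, then deciding which address to ARP for (the destination itself on a directly connected route, otherwise the gateway). The table and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    """One row of the host routing table, with the five columns on the slide."""
    destination: str   # (1) destination address
    mask: str          # (2) mask, dotted form as `route` prints it
    gateway: str       # (3) gateway; 0.0.0.0 means directly connected
    interface: str     # (4) interface address
    metric: int        # (5) metric, smaller is better

    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network(f"{self.destination}/{self.mask}")

def select_route(table, dst: str):
    """Pick the entry a host would use: the most specific match (longest
    prefix) wins; among equally specific matches the lowest metric wins."""
    ip = ipaddress.IPv4Address(dst)
    matches = [r for r in table if ip in r.network()]
    if not matches:
        return None                     # no default route: undeliverable
    return min(matches, key=lambda r: (-r.network().prefixlen, r.metric))

def next_hop(table, dst: str):
    """Address the host must resolve with ARP: the destination itself when
    the route is directly connected, otherwise the gateway."""
    route = select_route(table, dst)
    if route is None:
        return None
    return dst if route.gateway == "0.0.0.0" else route.gateway

# Constructed sample table (hypothetical addresses, not a real host)
TABLE = [
    Route("0.0.0.0", "0.0.0.0", "10.0.0.1", "10.0.0.5", 10),          # default
    Route("10.0.0.0", "255.255.255.0", "0.0.0.0", "10.0.0.5", 1),     # on-link
    Route("192.168.0.0", "255.255.0.0", "10.0.0.254", "10.0.0.5", 20),
    Route("192.168.1.0", "255.255.255.0", "10.0.0.253", "10.0.0.5", 30),
    Route("192.168.1.0", "255.255.255.0", "10.0.0.252", "10.0.0.5", 50),
]

if __name__ == "__main__":
    for dst in ("10.0.0.9", "192.168.1.7", "192.168.2.7", "198.51.100.7"):
        print(dst, "->", next_hop(TABLE, dst))
```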
LAN Technologies
• Ethernet: CSMA/CD, occasionally heavy traffic, BUS topology
• ARCnet: token passing, STAR topology
• Token Ring: active monitor, IBM, RING topology
• FDDI: token passing, fast, long distance, predictable, expensive
• Media & Vulnerabilities
  • Attenuation, Crosstalk, Noise
  • Coax: cable failure & length limits
  • Twisted Pair (Cat 1-7): bending cable, crosstalk, noise
  • Fiber-Optic: cost, high level of expertise required to install
  • Wireless: later
Coaxial Cable
• Two types
  • ThinNet (10Base2)
    • 10 Mbps, 30 nodes per segment, max 180 meters
    • LAN
  • ThickNet (10Base5)
    • 10 Mbps, 100 nodes per segment, max 500 meters
    • Backbone
• Insecure
  • Coax is easy to splice
Twisted Pair Copper Cable
• Copper wire
• Twist reduces EMI
• Classified by transmission rates
  • Cat3, Cat5, Cat5e, Cat6
Fiber-Optic Cable
• Glass core with plastic shielding
• Small, light, fragile, and expensive
• Very fast transmission rate
• Can transmit data very far
• Immune to interference
• Hard to splice
Security Concerns
• Easy to insert a node or splice into network
• Most attacks involve eavesdropping or sniffing
• Physical security
• War driving
Network Topologies
• BUS
  • Ethernet
• RING
  • Unidirectional
  • FDDI, Token Ring
• STAR
  • Logical BUS tends to be implemented as physical Star
• TREE
  • Basically a complicated BUS topology
• MESH
  • Multiple computer to computer connections
Hubs & Switches
• Hub:
  • broadcasts information received on one interface to all other physical interfaces
• Switch:
  • does not broadcast
  • Uses MAC address to determine correct interface
Unswitched Devices
• “Dumb” Devices (forward all packets)
  • Layer 1 = Hub, Repeater
    • Technically, a hub passes signals without regenerating them
  • Layer 2 = Bridge
    • Connects different types of LANs (e.g., Ethernet and ATM, but not Token Ring if you’re lucky)
• “Intelligent” Devices (decide whether to forward packets)
  • Layer 3 = Router
    • Use routing table to make decisions
    • Improved performance and security
  • Layer 2/3 = Bridge/Router
Switches
• Layer 2 = data link layer (MAC address) = + over hubs/repeaters
  • Systems only see traffic they are supposed to see
  • Unswitched versus switched (full duplex) 10 and 100 mb Ethernet = 40% of bandwidth versus 95%+ (no collisions)
• Layer 3 = network layer (IP address) = + over routers
  • Routers moved to periphery
  • Virtual LANs (VLANs) become viable
• Layer 4 = transport layer (TCP/UDP/ICMP headers) = + over L3
  • Firewall functionality (i.e., packet filtering)
  • Significantly more expensive
• Layer 5 = session layer and above (URLs) = + over L4 for clusters
  • Application proxy functionality (but MUCH faster than proxies)
  • Special function, cutting-edge = significant specific performance gains
  • 1999/2000: researchers (from IBM & Lucent) designed a layer 5 switch as front-end to a load-balanced 3-node cluster running AIX and Apache:
    • 220% performance increase due to content partitioning
    • 600% performance increase due to SSL session reuse
Firewalls
• Control the flow of traffic between networks
• Internal, External, Server, Client Firewalls
• Traditional Packet filters
• Stateful Packet filters
• Proxy-based Firewalls
Traditional Packet Filters
• Analyzes each packet to decide whether to drop or pass it
  • Source IP, Destination IP, Src Port, Dest Port, Code bits, Protocol, Interface
• Very limited view of traffic
Stateful Packet Filters
• Adds memory of previous packets to traditional packet filters
• When packet part of initial connection (SYN) it is remembered
• Other packets analyzed according to previous connections
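Added example (not from the slides) covering both the TCP Connection Establishment slide and this one: a small stateful filter that remembers an outbound SYN, checks that the SYN-ACK and ACK acknowledge the remembered ISNs (ISN-a, ISN-b), and then passes traffic only for connections it has tracked. The Packet model, the trusted prefix "10." and all addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (constructed model)."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}
    seq: int
    ack: int

class StatefulFilter:
    """Admits only packets that belong to a connection whose handshake the
    filter has seen; outbound SYNs from the trusted prefix start tracking."""
    def __init__(self, trusted_prefix: str):
        self.trusted_prefix = trusted_prefix   # e.g. "10." for the inside
        self.table = {}                        # flow key -> (phase, isn)

    @staticmethod
    def _key(p: Packet) -> frozenset:
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})  # both directions

    def decide(self, p: Packet) -> str:
        key = self._key(p)
        if p.flags == {"SYN"}:                               # step 1: SYN, ISN-a
            if not p.src.startswith(self.trusted_prefix):
                return "DROP"                                # unsolicited inbound SYN
            self.table[key] = ("SYN_SENT", p.seq)            # remember ISN-a
            return "PASS"
        if key not in self.table:
            return "DROP"                                    # not part of any connection
        phase, isn = self.table[key]
        if phase == "SYN_SENT" and p.flags == {"SYN", "ACK"}:   # step 2
            if p.ack != isn + 1:
                return "DROP"                                # does not acknowledge ISN-a
            self.table[key] = ("SYN_RECEIVED", p.seq)        # remember ISN-b
            return "PASS"
        if phase == "SYN_RECEIVED" and p.flags == {"ACK"}:      # step 3
            if p.ack != isn + 1:
                return "DROP"                                # does not acknowledge ISN-b
            self.table[key] = ("ESTABLISHED", None)
            return "PASS"
        if phase == "ESTABLISHED":
            return "PASS"                                    # data flows both ways
        return "DROP"                                        # out-of-sequence handshake
```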
Proxy-based (Application) Firewalls
• Focus on application to application
• Can approve:
  • By user
  • By application
  • By source or destination
• Mom calls, wife answers, etc.
Firewall Architectures
• Packet-Filtering Routers
  • Oldest type, sits between “trusted” & “untrusted” networks
• Screened-Host Firewalls
  • Between a trusted network host and untrusted network
• Dual-Homed Host Firewalls
  • Two NICs, IP forwarding, NAT translation
• Screened-Subnet Firewalls
  • Two screening routers on each side of bastion host
  • DMZ
Security
• Encryption: Symmetric vs Asymmetric, hash codes
• Application Layer
  • PGP, GnuPG, S/MIME, SSH
• Session Layer: Secure Socket Layer (SSL)
  • Digital certificates to authenticate systems and distribute encryption keys
  • Transport Layer Security (TLS)
• Network-IP Layer Security (IPSec)
  • AH: digital signatures
  • ESP: confidentiality, authentication of data source, integrity
Introduction to the TCP/IP Standard Applications
• DHCP – Provides for management of IP parameters.
• TELNET – Provides remote terminal emulation.
• FTP – Provides a file transfer protocol.
• TFTP – Provides for a simple file transfer protocol.
• SSH – Encrypted remote terminal & file transfer
• SMTP – Provides a mail service.
• DNS – Provides for a name service.
DHCP Operation (diagram): the DHCP Client broadcasts (to FFFFFF) a DHCP Discover; DHCP Server A and DHCP Server B each reply with an Offer (IP addr); the client sends a DHCP Request naming A; Server A answers with a DHCP ACK.
TELNET (diagram): a TELNET client on a host connects to a TELNET server.
File Transfer Protocol (FTP) (diagram): a client transfers files to and from storage on the host (TFTP – uses UDP).
Simple Mail Transfer Protocol (SMTP)
• Basic RFCs 821, 822, 974.
• Very fast and capable of delivery guarantee depending on client & server.
• Primary protocols are used for today’s email.
  • SMTP – operates over TCP, used primarily as send protocol
  • POP – operates over TCP, basic receive protocol
  • IMAP – allows remote storage
  • Exchange – calendar, contacts, storage, news
  • http – web interface
• Problems:
  • Phishing, viruses, no built-in protection against “stupidity”
  • Client software glitches
Post Office Protocol (POP)
• SMTP is set up to send and receive mail by hosts that are up full time.
  • No rules for those hosts that are intermittent on the LAN
• POP emulates you as a host on the network.
  • It receives SMTP mail for you to retrieve later
• POP accounts are set up for you by an ISP or your company.
• POP retrieves your mail and downloads it to your personal computer when you sign on to your POP account.